mirror of https://github.com/openbsd/www.git
remove two stray backticks and add quotes after href for consistency.
from andras farkas
This commit is contained in:
parent
e21cc2a888
commit
d582ffb169
166
71.html
166
71.html
|
@ -317,7 +317,7 @@ to 7.1.
|
|||
<li>Added a <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>
|
||||
cache of regions between 128k and 2M to accommodate programs
|
||||
allocating and deallocating regions of these sizes quickly.
|
||||
` <li>Added <a href="https://man.openbsd.org/pax.1">pax(1)</a> support
|
||||
<li>Added <a href="https://man.openbsd.org/pax.1">pax(1)</a> support
|
||||
for mtime/atime/ctime extended headers (in not-SMALL builds).
|
||||
<li>Added -k flag to <a
|
||||
href="https://man.openbsd.org/gzip.1">gzip(1)</a> and <a
|
||||
|
@ -471,7 +471,7 @@ to 7.1.
|
|||
<li>Added support for tpm2 CRB interface to <a
|
||||
href="https://man.openbsd.org/tpm.4">tpm(4)</a>, fixing recent S4
|
||||
regressions on the Surface Go 2 caused by a firmware change.
|
||||
` <li>Ensured armv7 and arm64 efiboot allocate fresh memory for the
|
||||
<li>Ensured armv7 and arm64 efiboot allocate fresh memory for the
|
||||
device tree with at least one page of free space to extend into. This
|
||||
fixes booting on VMWare Fusion.
|
||||
<li>Stopped binding audio devices exposed by <a
|
||||
|
@ -1075,7 +1075,7 @@ to 7.1.
|
|||
<li>Security
|
||||
<ul>
|
||||
<!-- OpenSSH 8.9 -->
|
||||
<li>Near miss in <a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li>Near miss in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
fix an integer overflow in the user authentication path
|
||||
that, in conjunction with other logic errors, could have yielded
|
||||
unauthenticated access under difficult to exploit conditions.<br>
|
||||
|
@ -1090,44 +1090,44 @@ to 7.1.
|
|||
<li>In OpenSSH 8.9 the FIDO security key middleware interface
|
||||
changed and increments SSH_SK_VERSION_MAJOR.
|
||||
<!-- OpenSSH 9.0 -->
|
||||
<li>This release switches <a href=https://man.openbsd.org/scp.1>scp(1)</a>
|
||||
<li>This release switches <a href="https://man.openbsd.org/scp.1">scp(1)</a>
|
||||
from using the legacy scp/rcp protocol
|
||||
to using the SFTP protocol by default.<br>
|
||||
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
|
||||
"scp host:* .") through the remote shell. This has the side effect of
|
||||
requiring double quoting of shell meta-characters in file names
|
||||
included on <a href=https://man.openbsd.org/scp.1>scp(1)</a>
|
||||
included on <a href="https://man.openbsd.org/scp.1">scp(1)</a>
|
||||
command-lines, otherwise they could be interpreted
|
||||
as shell commands on the remote side.<br>
|
||||
This creates one area of potential incompatibility:
|
||||
<a href=https://man.openbsd.org/scp.1>scp(1)</a> when using
|
||||
<a href="https://man.openbsd.org/scp.1">scp(1)</a> when using
|
||||
the SFTP protocol no longer requires this finicky and brittle quoting,
|
||||
and attempts to use it may cause transfers to fail. We consider the
|
||||
removal of the need for double-quoting shell characters in file names
|
||||
to be a benefit and do not intend to introduce bug-compatibility for
|
||||
legacy scp/rcp in <a href=https://man.openbsd.org/scp.1>scp(1)</a>
|
||||
legacy scp/rcp in <a href="https://man.openbsd.org/scp.1">scp(1)</a>
|
||||
when using the SFTP protocol.<br>
|
||||
Another area of potential incompatibility relates to the use of remote
|
||||
paths relative to other user's home directories, for example -
|
||||
"scp host:~user/file /tmp". The SFTP protocol has no native way to
|
||||
expand a ~user path. However,
|
||||
<a href=https://man.openbsd.org/sftp-server.8>sftp-server(8)</a>
|
||||
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>
|
||||
in OpenSSH 8.7 and later support a protocol extension
|
||||
"expand-path@openssh.com" to support this.<br>
|
||||
In case of incompatibility, the
|
||||
<a href=https://man.openbsd.org/scp.1>scp(1)</a> client may be instructed to use
|
||||
<a href="https://man.openbsd.org/scp.1">scp(1)</a> client may be instructed to use
|
||||
the legacy scp/rcp using the -O flag.
|
||||
</ul>
|
||||
|
||||
<li>New features
|
||||
<ul>
|
||||
<!-- OpenSSH 8.9 -->
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>,
|
||||
<a href=https://man.openbsd.org/ssh-add.1>ssh-add(1)</a>,
|
||||
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>,
|
||||
<a href="https://man.openbsd.org/ssh-add.1">ssh-add(1)</a>,
|
||||
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>:
|
||||
add a system for restricting forwarding and use of keys added to
|
||||
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>
|
||||
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>
|
||||
A detailed description of the feature is available at
|
||||
https://www.openssh.com/agent-restrict.html and the protocol
|
||||
extensions are documented in the
|
||||
|
@ -1135,52 +1135,52 @@ to 7.1.
|
|||
>PROTOCOL</a> and
|
||||
<a href="https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.agent?annotate=OPENBSD_7_1"
|
||||
>PROTOCOL.agent</a> files in the source release.
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
add the sntrup761x25519-sha512@openssh.com hybrid
|
||||
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
|
||||
default KEXAlgorithms list (after the ECDH methods but before the
|
||||
prime-group DH ones).
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
|
||||
when downloading resident keys from a FIDO token,
|
||||
pass back the user ID that was used when the key was created and
|
||||
append it to the filename the key is written to (if it is not the
|
||||
default). Avoids keys being clobbered if the user created multiple
|
||||
resident keys with the same application string but different user
|
||||
IDs.
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>,
|
||||
<a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>,
|
||||
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>:
|
||||
better handling for FIDO keys
|
||||
on tokens that provide user verification (UV) on the device itself,
|
||||
including biometric keys, avoiding unnecessary PIN prompts.
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: add "ssh-keygen -Y match-principals" operation to
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: add "ssh-keygen -Y match-principals" operation to
|
||||
perform matching of principals names against an allowed signers
|
||||
file. To be used towards a TOFU model for SSH signatures in git.
|
||||
<li><a href=https://man.openbsd.org/ssh-add.1>ssh-add(1)</a>,
|
||||
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-add.1">ssh-add(1)</a>,
|
||||
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>:
|
||||
allow pin-required FIDO keys to be added
|
||||
to <a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>.
|
||||
to <a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>.
|
||||
$SSH_ASKPASS will be used to request the PIN at authentication time.
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
|
||||
allow selection of hash at sshsig signing time
|
||||
(either sha512 (default) or sha256).
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
read network data directly to the packet input
|
||||
buffer instead of indirectly via a small stack buffer. Provides a
|
||||
modest performance improvement.
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
read data directly to the channel input buffer,
|
||||
providing a similar modest performance improvement.
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
|
||||
extend the PubkeyAuthentication configuration directive to
|
||||
accept yes|no|unbound|host-bound to allow control over one of the
|
||||
protocol extensions used to implement agent-restricted keys.
|
||||
<!-- OpenSSH 9.0 -->
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
use the hybrid Streamlined NTRU Prime + x25519 key
|
||||
exchange method by default ("sntrup761x25519-sha512@openssh.com").
|
||||
The NTRU algorithm is believed to resist attacks enabled by future
|
||||
|
@ -1194,11 +1194,11 @@ to 7.1.
|
|||
later" attacks where an adversary who can record and store SSH
|
||||
session ciphertext would be able to decrypt it once a sufficiently
|
||||
advanced quantum computer is available.
|
||||
<li><a href=https://man.openbsd.org/sftp-server.8>sftp-server(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>:
|
||||
support the "copy-data" extension to allow server-
|
||||
side copying of files/data, following the design in
|
||||
draft-ietf-secsh-filexfer-extensions-00.
|
||||
<li><a href=https://man.openbsd.org/sftp.1>sftp(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>:
|
||||
add a "cp" command to allow the sftp client to perform
|
||||
server-side file copies.
|
||||
</ul>
|
||||
|
@ -1206,69 +1206,69 @@ to 7.1.
|
|||
<li>Bugfixes
|
||||
<ul>
|
||||
<!-- OpenSSH 8.9 -->
|
||||
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
document that CASignatureAlgorithms, ExposeAuthInfo and
|
||||
PubkeyAuthOptions can be used in a Match block.
|
||||
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
fix possible string truncation when constructing paths to
|
||||
.rhosts/.shosts files with very long user home directory names.
|
||||
<li>ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
|
||||
exchange hashes
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
|
||||
don't put the TTY into raw mode when SessionType=none,
|
||||
avoids ^C being unable to kill such a session.
|
||||
<li><a href=https://man.openbsd.org/scp.1>scp(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>:
|
||||
fix some corner-case bugs in SFTP-mode handling of
|
||||
~-prefixed paths.
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
|
||||
unbreak hostbased auth using RSA keys. Allow
|
||||
<a href=https://man.openbsd.org/ssh.1>ssh(1)</a> to
|
||||
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a> to
|
||||
select RSA keys when only RSA/SHA2 signature algorithms are
|
||||
configured (this is the default case). Previously RSA keys were
|
||||
not being considered in the default case.
|
||||
<li>ssh-keysign(1): make ssh-keysign use the requested signature
|
||||
algorithm and not the default for the key type. Part of unbreaking
|
||||
hostbased auth for RSA/SHA2 keys.
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
|
||||
stricter UpdateHostkey signature verification logic on
|
||||
the client- side. Require RSA/SHA2 signatures for RSA hostkeys
|
||||
except when RSA/SHA1 was explicitly negotiated during initial
|
||||
KEX
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
fix signature algorithm selection logic for
|
||||
UpdateHostkeys on the server side. The previous code tried to
|
||||
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
|
||||
cases. This will use RSA/SHA2 signatures for RSA keys if the
|
||||
client proposed these algorithms in initial KEX.
|
||||
<li>All: convert all uses of
|
||||
<a href=https://man.openbsd.org/select.2>select(2)</a>/
|
||||
<a href=https://man.openbsd.org/pselect.2>pselect(2)</a> to
|
||||
<a href=https://man.openbsd.org/poll.2>poll(2)</a>/
|
||||
<a href=https://man.openbsd.org/ppoll.2>ppoll(2)</a>.
|
||||
<a href="https://man.openbsd.org/select.2">select(2)</a>/
|
||||
<a href="https://man.openbsd.org/pselect.2">pselect(2)</a> to
|
||||
<a href="https://man.openbsd.org/poll.2">poll(2)</a>/
|
||||
<a href="https://man.openbsd.org/ppoll.2">ppoll(2)</a>.
|
||||
This includes the mainloops in
|
||||
<a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>,
|
||||
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>
|
||||
and <a href=https://man.openbsd.org/sftp-server.8>sftp-server(8)</a>,
|
||||
as well as the <a href=https://man.openbsd.org/sshd.8>sshd(8)</a>
|
||||
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>,
|
||||
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>
|
||||
and <a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>,
|
||||
as well as the <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>
|
||||
listen loop and all other FD read/writability checks.
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
|
||||
the "-Y find-principals" command was verifying key
|
||||
validity when using ca certs but not with simple key lifetimes
|
||||
within the allowed signers file.
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
|
||||
make sshsig verify-time argument parsing optional
|
||||
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
fix truncation in rhosts/shosts path construction.
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>:
|
||||
avoid xmalloc(0) for PKCS#11 keyid for ECDSA
|
||||
keys (we already did this for RSA keys). Avoids fatal errors for
|
||||
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
|
||||
"cryptoauthlib"
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>:
|
||||
improve the testing of credentials against
|
||||
inserted FIDO: ask the token whether a particular key belongs to
|
||||
it in cases where the token supports on-token user-verification
|
||||
|
@ -1276,62 +1276,62 @@ to 7.1.
|
|||
Will reduce spurious "Confirm user presence" notifications for key
|
||||
handles that relate to FIDO keys that are not currently inserted in at
|
||||
least some cases.
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
correct value for IPTOS_DSCP_LE. It needs to
|
||||
allow for the preceding two ECN bits.
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
|
||||
add missing -O option to usage() for the "-Y sign" option.
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
|
||||
fix a NULL deref when using the find-principals
|
||||
function, when matching an allowed_signers line that contains a
|
||||
namespace restriction, but no restriction specified on the
|
||||
command-line
|
||||
<li><a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>:
|
||||
fix memleak in process_extension(); oss-fuzz issue #42719
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
|
||||
suppress "Connection to xxx closed" messages when LogLevel
|
||||
is set to "error" or above.
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
use correct zlib flags when inflate(3)-ing compressed packet data.
|
||||
<li><a href=https://man.openbsd.org/scp.1>scp(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>:
|
||||
when recursively transferring files in SFTP mode, create the
|
||||
destination directory if it doesn't already exist to match
|
||||
<a href=https://man.openbsd.org/scp.1>scp(1)</a> in
|
||||
<a href="https://man.openbsd.org/scp.1">scp(1)</a> in
|
||||
legacy RCP mode behaviour.
|
||||
<li><a href=https://man.openbsd.org/scp.1>scp(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>:
|
||||
many improvements in error message consistency between
|
||||
<a href=https://man.openbsd.org/scp.1>scp(1)</a>
|
||||
<a href="https://man.openbsd.org/scp.1">scp(1)</a>
|
||||
in SFTP mode vs legacy RCP mode.
|
||||
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
fix potential race in SIGTERM handling
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8))</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8))</a>:
|
||||
since DSA keys are deprecated, move them to the end of the default
|
||||
list of public keys so that they will be tried last.
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
|
||||
allow 'ssh-keygen -Y find-principals' to match
|
||||
wildcard principals in allowed_signers files
|
||||
<!-- OpenSSH 9.0 -->
|
||||
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>,
|
||||
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
|
||||
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
fix
|
||||
<a href=https://man.openbsd.org/poll.2>poll(2)</a> spin when a
|
||||
<a href="https://man.openbsd.org/poll.2">poll(2)</a> spin when a
|
||||
channel's output fd closes without data in the channel buffer.
|
||||
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
pack pollfd array in server listen/accept loop. Could
|
||||
cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE
|
||||
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
|
||||
avoid NULL deref via the find-principals and check-novalidate operations.
|
||||
<li><a href=https://man.openbsd.org/scp.1>scp(1)</a>:
|
||||
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>:
|
||||
fix a memory leak in argument processing.
|
||||
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
don't try to resolve ListenAddress directives in the sshd
|
||||
re-exec path. They are unused after re-exec and parsing errors
|
||||
(possible for example if the host's network configuration changed)
|
||||
could prevent connections from being accepted.
|
||||
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>:
|
||||
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
|
||||
when refusing a public key authentication request from a
|
||||
client for using an unapproved or unsupported signature algorithm
|
||||
include the algorithm name in the log message to make debugging
|
||||
|
|
Loading…
Reference in New Issue